﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class staffpages_StaffLogin : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString);
    SqlCommand com;
    SqlCommand com2;

    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        con.Open();
        string checkUser = "select count(*) from StaffAccount where sta_username = '"+txtUsername.Text.Trim()+"'";
        com = new SqlCommand(checkUser,con);
        int n = Convert.ToInt32(com.ExecuteScalar().ToString());
        con.Close();

        if (n == 1)
        {
            con.Open();
            string checkPass = "select sta_password from StaffAccount where sta_username='"+txtUsername.Text.Trim()+"'";
            com2 = new SqlCommand(checkPass,con);
            string pass = com2.ExecuteScalar().ToString().Replace(" ","");
            if (pass == txtPassword.Text.Trim())
            {
                Response.Redirect("StaffHome.aspx");
            }
            else
            {
                lblMsgLogin.Text = "Password Error, try again!";
                
            }
        }
        else
        {
            lblMsgLogin.Text = "Username Error, try again!";
            
        }
    }
}